jnelipowitz
asked on
Microsoft Exchange Server Installed on a Member Server
I'm installing Microsoft Exchange 2000 on a Microsoft 2000 Server and the server will be located in the DMZ of our filewall. My question is can the Microsoft 2000 Server be a member server or does this server have to be an active directory domain controller?
As long as it can contact a Domain Controller, it is fine where you keep it.
Although whatever your reasons for wanting to put the machine in the DMZ, I can guarantee that they are wrong. There are no good reasons for putting an Exchange server in the DMZ, certainly not a Windows 2000/Exchange 2000 system which cannot defend itself from even the most basic of attacks (directory harvest).
Why are you putting this server in the DMZ? What is its purpose in there?
If it is for anything "security" related then you have been misguided.
Simon.
Why are you putting this server in the DMZ? What is its purpose in there?
If it is for anything "security" related then you have been misguided.
Simon.
ASKER
My understanding is that our existing Exchange 5.5 Server was place in the DMZ of our Cisco 515e PIX firewall for security. The DMZ is a separate subnet that can not be contacted by the Domain Controller.
The security reason is completely false. Putting an Exchange server does not improve your security in any shape or form. It actually reduces your security. Due to the way that Exchange works, it needs to constantly communicate with a domain controller, that domain controller needs to be the same one as the main backend server. If your DMZ cannot see the production network then you cannot run Exchange in the DMZ.
What does the server actually do/will do? SMTP, OWA, something else?
Simon.
What does the server actually do/will do? SMTP, OWA, something else?
Simon.
ASKER
It will be a standard Exchange 2000 server with the SMTP connector.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.